
My, how time flies! Here we are at the end of another ISACA year. This month, we celebrate earning the K. Wayne Snipes awards, the highest awards given by ISACA to chapters, both at the North American level and the International level. We can all be proud to have such a wonderful chapter. Congrats to one and all!!
At our June meeting, we will welcome Richard Tuck and Michelle Maltzahn from Lander International in California, and Diane Nelson from ISACA International. Come hear news from outside our area which directly affects our profession.
Be sure to answer the Annual Chapter Survey when it hits your Inbox. This is the way we gather vital information to run the chapter to meet YOUR needs. We can’t give you what you want if you don’t participate.
Hope to see you at the June meeting on the 10th, then enjoy a few months off, and we’ll see you again in September. Have a wonderful summer!
Sue Pagel, CISA, CSOX
At our May 2010 meeting, our Nominations Committee presented their slate of North Texas Chapter candidates for the 2010-2011 fiscal year. Those in attendance voted their approval of the proposed slate and to close the nominations. All of the still-available slots have since been filled. At our June meeting, those in attendance will be asked to confirm the nominations below for next year's Board of Directors. The new Board will assume their responsibilities on July 1st, 2010.
Executive Council (Elected Positions)
Board of Directors (Appointed Positions)
If you missed the ISACA spring seminar on virtualization, you truly missed a great session. The seminar was conducted by Dennis Moreau, Senior Technologist, RSA Security. Within the first ten minutes of the seminar, the WOW! Factor had set in.
The driving force behind virtualization is better utilization of Information Technology (IT) hardware. Virtualization makes a single physical machine appear as multiple machines. Shared resources may include, but are not limited to, drivers, CPU, and memory. IBM was the leader in early virtualization systems with VM on the mainframe.
Sadly, there is currently only minimal guidance available regarding PCI security in a virtualized environment. As a result, determining PCI compliance is largely dependent on the experience and perspective of the Qualified Security Assessor (QSA) reviewing the environment. But efforts are underway by the PCI Security Standards Council to address this shortcoming.
Virtualization can improve security through isolation and eliminate certain types of exploits. It can also improve controls over network activity and provide rapid deployment of the next desired state.
However, there is a downside to virtualization. The insulation that is provided by virtualization increases application stack depth, therefore limiting visibility. This makes it easier to hide information and harder to check policy.
The larger code base also creates a greater risk of bugs, such that compromise of the virtualization layer could compromise all hosted workloads. Additionally, workloads having different trust levels may be consolidated onto a single physical server without sufficient separation. The security features and risks noted above were only a fraction of those discussed in the seminar.
Virtualization has vulnerabilities of its own, some of which were noted at previous Black Hat conferences. There are various types of virtualization environments such as virtual storage, virtual traffic, desktop virtualization, and virtual applications which appear to be the fastest growing this year. The security complexities necessitate more controls, more layers, and more constraints. Although there is no current guidance from PCI on virtualization, there is guidance from Gartner, Center for Internet Security, and DISA. There are also hardening guides from VMware.
The seminar also touched on cloud computing, APIs, and coupling. Discussions were held on each of the topics giving consideration to the security controls and associated risk.
This summary was written by Rhonda Allen, Senior IT Auditor, AmeriCredit Corp. with assistance from Tony Bearden, Application Security Analyst, AmeriCredit Corp. Rhonda is also a member of the Newsletter Committee for our North Texas Chapter of ISACA.
Your North Texas Chapter of ISACA is working to provide meaningful training sessions locally for our membership. We already host a Fall and a Spring seminar each year, and certification review courses for CISA and CISM, but we plan to do more.
During our upcoming summer hiatus, the Internal Audit organization at JCPenney has arranged to have SANS Institute Instructor Tanya Baccam provide two days of UNIX training for their employees and our members. ISACA is partnering with JCPenney to facilitate the event at JCPenney's headquarters location in Plano. We anticipate both organizations benefiting by working together.
Tanya routinely conducts numerous audit, security and networking classes both independently and for the SANS Institute. She has conducted several classes for ISACA and IIA previously, and the reviews are always stellar. We are confident that anyone attending this UNIX training will agree.
Full details will be posted on our website as soon as they are firmed up. Registration should be open later in June.
Our local North Texas Chapter of ISACA is looking for area organizations willing to partner with us on educational seminars during the coming 2010-2011 year. We are borrowing an idea from the NYC chapter, forwarded to us by one of our own members!
Essentially, if the Corporate Partner can provide a location, parking and logistics, we can provide instructors, course materials, and registration services. This allows ISACA to provide additional educational opportunities to our members while the volunteer corporation is able to register a number of their own employees at little to no cost (pending course specifics). The JCPenney seminar on UNIX, described above, is an excellent example of how ISACA and the sponsoring organization can mutually benefit.
Topics and duration (half day to multiple day) will be determined based on areas of interest. Suggested topics include courses such as: IT Audit Basics, Enterprise Risk Management, Auditing SAP, IT Project Management Essentials, IT Governance, and other topics ranked favorably on our member survey. But if your organization has a specific need that meshes well with ISACA's goals, please contact us to discuss.
Vinay Gandhi, CISA, CISM
Each Spring, we recognize those North Texas members who have recently been awarded the CGEIT, CISA or CISM certification. In May, we recognized all 147 certification recipients as a group, but especially those that were in attendance at the May meeting. Please congratulate the following members for these significant achievements. (May attendees are highlighted below in green.)
ISACA North Texas Certification Recipients
Those in attendance at the May meeting were memorialized below. Again, our congratulations.
May 2010 Newly Certificated CGEIT, CISA and CISM in Attendance
Iddah Wangondu, CISA, CISSP
The North Texas Chapter is proud to be recognized as not only the Best Very Large Chapter in North America, but also the Best Very Large Chapter Worldwide! At the June meeting, ISACA will be presenting these K. Wayne Snipes awards to the chapter.
The K. Wayne Snipes Chapter Recognition Award, established in 1989, provides recognition to those chapters who meet or exceed special service goals by actively supporting local membership, and thus the IS audit and control profession. Criteria assessment is based on information submitted as part of the annual Chapter Annual Reports received by International Headquarters. Chapters must also submit their Balanced Scorecard Rating Grid and proof of an annual audit/verification/review in order to be included in the judging process.
Chapter performance is assessed on the following criteria:
ISACA congratulates the 2009 K. Wayne Snipes Award winners:
Worldwide Winners:
Small—New Orleans (USA)
Medium—Costa Rica
Large—Orange County (USA)
Very Large—North Texas (USA)
Regional Winners:
Asia
Small—None
Medium—Sri Lanka
Large—Pune (India)
Very Large—Mumbai (India)
Latin America
Europe/Africa
Small—None
Medium—Valencia (Spain)
Large—Athens (Greece)
Very Large—London (UK)
North America
Oceania
Sue Pagel, CISA, CSOX
The ISACA North Texas Chapter Board of Directors encourages corporate responsibility, and each year has specifically budgeted dollars to help another ISACA North American chapter in need of assistance. The Board performs due diligence to identify which chapters are most in need by performing the following specific activities:
For 2010, a Board committee comprised of Donna Hutcheson, Laurie Flandrau, Cheryl McKay-Dorrell and Rick Link recommended that a $3,000 check be provided to the following ISACA North American chapter:
Tulsa Chapter
Tulsa, Oklahoma
http://www.isaca-tulsa.org/
The Committee will contact the chapter's officers to provide support on how these funds can best be utilized to help grow and strengthen Tulsa's chapter meetings, training seminars, and hopefully their membership. Donna Hutcheson and Laurie Flandrau have volunteered to be the Board liaisons during this process.
Respectfully submitted,
Rick Link, CISA, CISSP, CISM
The word is getting out - that firms and recruiters can post their available audit and security-based openings on our JOBS Board, without charge. Help bring jobs and job seekers together by promoting job postings. Your fellow ISACA members will appreciate it.
Currently, we have three positions posted, as detailed below. See our website regularly for any updates and for complete details:
Company: Ratliff Associates (Recruiter)
Position: Senior Public IT Auditor (permanent)
Location: North Dallas
Salary: $72K - $95K + Bonus (negotiable based upon experience, credentials and past earnings history)
Contact: Connie Ratliff 214.570.8483
General: The Senior Auditor will plan and conduct IT and Compliance audits for a diverse client base. This senior will function as a key knowledge holder on non-traditional audits (SAS70, SOX, IT Assessments, Internal Controls, etc.) and serve on traditional financial statement audit teams as skills permit.
Responsibilities:
Requirements:
Travel: Only 10% to 20%!!
Education and Certifications:
Additional details and current job postings are available at: ISACA North Texas Job Postings.
Company: JPS Health Network
General: Support the Manager, Information Security in maintaining the confidentiality, availability, and integrity of the District’s information assets.
Duties:
Requirements:
Education and Certifications:
ADA Essential Elements:
Other: Essential elements are those duties which must be performed to accomplish the job. The following statements are descriptors of essential elements:
Additional details and current job postings are available at: ISACA North Texas Job Postings.
Company: Contineo
General: Contineo is a Professional Services Corporation specializing in compliance auditing, consulting, information technology and managed services. We provide solutions to companies in various industries across the U.S., including finance/banking, health care, law, high-tech and real estate. The qualified candidate is an audit and/or IT professional with financial and/or healthcare industry knowledge and who possesses a combination of consulting, audit, risk analysis, and project planning experience. Strong communication and documentation skills will be required to successfully perform in this rewarding position. This position reports to the Vice President.
Duties:
Requirements:
Travel: 50-60% required
Education and Certifications:
Benefits:
Other: Anticipated start date is July/August 2010.
Additional details and current job postings are available at: ISACA NTC Job Postings.
Now, let's get more jobs posted. This is a win-win for all concerned: employers, recruiters, job candidates and our ISACA chapter.
To post an available position, just complete a Job Posting Template and e-mail it to jobs@isacantx.org. Each job posting will be displayed on our site for one month, but can be reposted again or removed at any time by request.
All posted job descriptions will also be included in this newsletter each month. Members can also examine the available positions on the ISACANTX.ORG job board at http://www.isacantx.org/index.cfm/Job_Postings.
Don't forget - Postings are FREE!
Our thanks to Shirley Walker of our newsletter team for extracting and formatting these positions for inclusion in the newsletter.
Bryan Plantes
Interested in positions outside the DFW area, even world-wide? ISACA International maintains a Career Centre that hosts hundreds of available opportunities. Just select Career Centre from the left-hand menu options at www.isaca.org.
June 10, 2010 - Meeting Agenda
You have until Noon on Wednesday, June 9th to register for this meeting. But in the event you find you are unable to attend after you've registered, please contact reservations@isacantx.org for assistance with canceling your reservation. This will help us keep our event registration fees reasonably priced.
Pre-Luncheon Session - 10:30 AM - 11:20 AM
In the best of circumstances, directing an IT Audit department is a dynamic activity requiring a balancing act between meeting corporate audit needs, developing motivational skills to keep the team moving forward and coaching abilities to bring out the best in people. The Great Recession certainly added layers of complexity to the equation. Now, with the economy on the upswing, hiring for Audit and Risk Management teams is gaining momentum. Companies that had layoffs just a year or two ago are starting to reformulate their hiring strategies to expand and to rebuild. Employee satisfaction, though, is at an all-time low. This facilitated session will feature a panel discussion with managers and directors sharing their successes of how they made the most of a difficult circumstance and how they are planning the turnaround. A total of 1.0 CPE credits will be awarded.
Luncheon Session - 11:30 PM - 1:30 PM
After two years of cutbacks and budget trimming, audit departments are looking forward to an easier time in the next year accomplishing their goals and rebuilding their team structures. This lively session will give an anecdotal overview of what we have just lived through as auditors for the last decade and what the future is about to bring. The rules for profit making for corporate America are shifting and there is more pressure than ever to keep a firm eye on the bottom line. As departments plan to expand their hiring, the bar has been raised on the requirements for hiring. Auditors need to have additional skill sets. Ironically though, corporations are just discovering that the new skills are incredibly scarce, and the supply of experienced people is diminishing. A total of 1.0 CPE credits will be awarded.
Post Luncheon Session - 1:40 PM - 2:30 PM
Join us for the presentation of the prestigious K. Wayne Snipes awards recently bestowed upon our very own North Texas Chapter. It is a great honor for our chapter to receive both “Top Awards” for our chapter size!! The presentation will be followed by a celebration/networking session. This is a great time to share in the successes of our local chapter, meet a leader from ISACA International, and network with other members of ISACA of North Texas. No CPE credits will be awarded during this presentation.
For details and to register, go to ISACA June, 2010 - Registration.
Marvin Reader, CISA
Shortly, all North Texas Chapter members will be receiving an e-mail asking for topics of interest for the upcoming year of meetings that begins September 2010. We can then use the summer hiatus (July & August) to try to identify topics and presenters of interest to our membership.
As you might expect, your input to this process is invaluable, so when you receive your survey, please make a conscious effort to provide your thoughts.
Jeff Kromer, CISA, CPA, CBA, CFSA
As we go into our last meeting prior to our summer break, we want to welcome our most recent members - those that have joined ISACA and our North Texas Chapter since May 9th. We hope to see each new member at our monthly meetings.
| Name | Company Name |
|---|---|
| Jeff Blackmore | |
| Russell Moyer | Verizon |
| Babatunde Olorunfemi | |
| Azim Tirmizi | Austin Tech Consulting Inc. |
May Luncheon Winners
Following each monthly luncheon meeting, we give away four $50 gift cards to popular merchants in the area, typically Home Depot, Lowe's, Macy's, Nordstrom and/or Best Buy.
May's winners are shown below. The next winner, at our September 2010 meeting, could be you!
May 2010
To be eligible for the drawing, you must have checked in and paid at the registration table prior to the luncheon and be present at the time of the drawing. Walk-ins who have paid and registered are also included in the drawing. Our luncheon speaker typically draws the names from the basket to ensure objectivity, and the lucky winners are subsequently photographed for posterity.
Tracy Carter, CISA, CSM, ASM
Notice of continuing professional education (CPE) policy change for CISAs, CISMs, CGEITs and CRISCs
To recognize the long standing commitment to their careers and chosen professions, ISACA certified professionals who apply and are approved for Retired Status will be issued a certificate of appreciation. In addition, their certification will permanently remain in Retired Status, if they meet all of the following parameters:
Finally, payment of an annual certification maintenance renewal fee will be waived.
Please contact the ISACA Certification department at certification@isaca.org with any questions about this change.
ISACA thanks you for your continued dedication and commitment to the ISACA certification programs.
Certified in Risk and Information Systems Control (CRISC)
CRISC™ (pronounced “see-risk”) is the newest certification being offered by ISACA. The certification was designed for IT and business professionals who identify and manage risks through the development, implementation and maintenance of appropriate information systems controls.
Testing begins in the second half of 2011, but for professionals with at least eight years of relevant experience, a grandfathering program has been initiated that enables one to apply for the CRISC certification without taking the exam. The grandfathering option will remain open for one year, until April 2011. Additional information is available at www.isaca.org/crisc.